Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote Information Technology Worker Scheme that Generated $5M in Revenue for the Democratic People’s Republic of Korea

The Defendants Managed and Operated “Laptop Farms” Intended to Deceive Victim Employers Into Believing They Had Hired U.S.-Based IT Workers Two U.S. nationals, Kejia Wang, 42, and Zhenxing Wang, 39, have been sentenced for their roles in facilitating North Korean remote information technology (IT) workers posing as U.S. residents to obtain work at more than 100 U.S. companies. The multi-year scheme used the stolen identities of at least 80 U.S. persons and generated more than $5 million in illicit revenue for the government of the Democratic People’s Republic of Korea (DPRK). Kejia Wang, of Edison, New Jersey, was sentenced to 108 months in prison. In September 2025, he pleaded guilty in the District of Massachusetts to conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Zhenxing Wang, of New Brunswick, New Jersey, was sentenced to 92 months in prison. In January 2026, he pleaded guilty in the District of Massachusetts to conspiracy to commit wire fraud and conspiracy to commit money laundering. In addition to the sentences of imprisonment, U.S. District Court Judge Nathaniel M. Gorton ordered the defendants to serve three years each of supervised release and to forfeit a total of $600,000 that was paid to them for facilitating the North Koreans. As of today, the United States has already received $400,000 of the ordered forfeiture amount. The court also ordered Kejia Wang to pay a judgment of $29,236.03 in restitution. “For years, the defendants enriched themselves by assisting North Korean actors in a fraudulent scheme to gain employment with U.S. companies,” said Assistant Attorney General for National Security John A. Eisenberg. “The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security. NSD will hold accountable those who facilitate North Korea’s illicit revenue generation efforts.” “This case exposes a sophisticated scheme that exploited stolen American identities and U.S. companies to generate millions of dollars for a hostile foreign regime. By operating so-called ‘laptop farms,’ these defendants enabled overseas actors to infiltrate U.S. businesses, access sensitive data and undermine our economic and national security,” said U.S. Attorney Leah B. Foley for the District of Massachusetts. “The sentences imposed this week reflect the seriousness of this conduct and our commitment to holding accountable those who facilitate sanctions evasion and foreign threats from within our borders.” According to court documents, from approximately 2021 until October 2024, the defendants and their co-conspirators compromised the identities of more than 80 U.S. persons to obtain remote jobs at more than 100 U.S. companies, including many Fortune 500 companies, and caused U.S. victim companies to incur legal fees, computer network remediation costs, and other damages of at least $3 million. Kejia Wang traveled to Shenyang and Dandong, China on two separate occasions in 2023, to meet with overseas actors about the scheme, including a former classmate that Kejia Wang knew was from North Korea. Kejia Wang went on to serve as the U.S.-based manager for the scheme, supervising at least five facilitators in the United States who collectively hosted hundreds of computers of U.S. victim companies at their residences. Zhenxing Wang was among the U.S. facilitators who received and hosted victim company laptops at his residence. He and the others also enabled overseas IT workers to access the laptops remotely by, among other things, connecting the laptops to hardware devices designed to allow for remote access (referred to as keyboard-video-mouse or “KVM” switches). Kejia Wang and Zhenxing Wang created shell companies with corresponding financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to make it appear as though the overseas IT workers were affiliated with legitimate U.S. businesses. In fact, these companies had no employees or operations and existed only to further the scheme and enable the defendants and their co-conspirators to receive proceeds from the scheme. The financial accounts established by the two defendants for these shell companies ultimately received millions of dollars from victimized U.S. companies, much of which was subsequently transferred to overseas co-conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other U.S. facilitators received nearly $700,000 for their respective roles in the scheme. IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies. Specifically, between on or about January 19, 2024, and on or about April 2, 2024, an overseas co-conspirator remotely accessed without authorization the company’s laptop and computer files containing technical data and other information. The stolen data included information marked as being controlled under the ITAR. The other eight defendants indicted in June 2025 remain at large and wanted by the FBI. Concurrent with today’s announcement, the U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, announced a reward of up to $5 million for information leading to the disruption of financial mechanisms of persons engaged in certain activities that support DPRK, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support weapons of mass destruction proliferation. The reward is offered for the following eight defendants who are alleged to have participated in the above-described scheme and one suspected IT worker: Xu Yongzhe (徐勇哲) Huang Jingbin (黄靖斌) Tong Yuze (佟雨泽) Zhou Baoyu (周宝玉) Yuan Ziyou (Samuel Yuan) Zhou Zhenbang (周震邦) Liu Menting (劉孟婷) Liu Enchia (刘恩嘉) Song Min Kim (also known as Chengmin Jin) Previously, in June 2025, the FBI and Defense Criminal Investigative Service (DCIS) announced the seizure of 17 web domains used in furtherance of this scheme and the seizure of 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme. In October 2024, as part of this investigation, federal law enforcement executed searches at eight locations across three states that resulted in the recovery of more than 70 laptops and remote access devices, such as KVMs. Simultaneously with that action, the FBI seized four web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC.